PRIVACY NOTICE

This Privacy Notice explains how GR Risk Partners Ltd collects, uses, discloses, and protects the Personal Data of visitors to our website, clients, prospects, service providers, and any other individuals whose Personal Data we process ("you" or "your"). This Privacy Notice is provided in accordance with the Dubai International Financial Centre (DIFC) Data Protection Law No. 5 of 2020 ("DIFC DP Law").

1. Who we are

Data Controller: GR Risk Partners Ltd
Registered Office: 601, Level 6, Liberty House, Dubai International Financial Centre, Dubai, United Arab Emirates
Email: rahul.misra@grriskpartners.com
Phone: +9715 59892638

We act as a Data Controller with respect to the Personal Data we process about you. This means we determine the purposes and means of processing your Personal Data.

2. We collect Personal Data

We may collect, process, and store the following categories of Personal Data:

• a) Identity Data: name, gender, title, date of birth
• b) Contact Data: email address, telephone number, postal address
• c) Professional Data: employer, job title, contract terms
• d) Technical Data: IP address, browser type and version, device information, usage data
• e) Financial Data: payment or bank information where relevant
• f) Regulatory/Compliance Data: identity documents, verification data required for AML/KYC and regulatory compliance

The above categories may comprise Personal Data as defined under the DIFC DP Law.

3. How we use your Personal Data

We use your personal data for the following purposes:

• To provide you with products and services you request
• To respond to enquiries and communicate with you
• For regulatory compliance (including AML/KYC requirements under applicable law)
• To improve our services and website functionality
• To comply with legal and regulatory obligations

Under the DIFC DP Law, processing must always be fair, transparent, and for specified lawful purposes.

4. Disclosure of Personal Data

We may share your Personal Data with:

• Third-party service providers and processors assisting us with business operations
• Regulators, law enforcement, or government authorities as required by law
• Related group companies where required to manage business operations

Where data is transferred outside the DIFC, or other jurisdictions, we will ensure appropriate safeguards are in place as required under applicable law.

5. Data Retention

We retain Personal Data for as long as necessary to fulfil the purpose(s) for which it was collected, including for compliance with legal, regulatory, tax, accounting, or reporting requirements.

6. Your rights under applicable laws
DIFC DP Law

You have similar rights, including the right to:

• Access and obtain a copy of your personal data processed by us
• Rectify or erase your data in certain circumstances
• Withdraw consent where consent is the legal basis
• Object to processing
• Complain to the relevant supervisory authority (e.g., DIFC Commissioner of Data Protection)

7. Security of Personal Data

We implement technical and organizational measures to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.

8. Changes to this Notice

We may update this Privacy Notice from time to time. We will notify the significant changes by posting the updated version on our website.

9. Contact Us

If you have questions about this Privacy Notice or our data processing practices,
please contact: Email: rahul.misra@grriskpartners.com
Phone: +9715 59892638
Address: 601, Level 6, Liberty House, Dubai International Financial Centre, Dubai, United Arab Emirates.